InfectionVundo et autres
Résolu
nonoy54
Messages postés
460
Statut
Membre
-
^^Marie^^ Messages postés 41884 Date d'inscription Statut Membre Dernière intervention -
^^Marie^^ Messages postés 41884 Date d'inscription Statut Membre Dernière intervention -
Bonjour à tous.
Je me permets de demander de l'aide. Mon PC rame de plus en plus, bien que j'essaie de le nettoyer depuis hier avec spybot, ccleaner...
Avast ne semble plus guère fonctionner malgres la reinstallation et un scan en ligne avec bitdefender me trouve au moins 4 virus (vundo.d, agent AFSZ..) dont un dans avast!!!
Un rapport Hijackthis analysé en ligne me signalait quelques problème que j'ai résolu mais je suis toujours infesté.
Quelque fois mon bureau disparait et Avast de mnde toujours à redemarrer le système.
Merci de votre aide
Je me permets de demander de l'aide. Mon PC rame de plus en plus, bien que j'essaie de le nettoyer depuis hier avec spybot, ccleaner...
Avast ne semble plus guère fonctionner malgres la reinstallation et un scan en ligne avec bitdefender me trouve au moins 4 virus (vundo.d, agent AFSZ..) dont un dans avast!!!
Un rapport Hijackthis analysé en ligne me signalait quelques problème que j'ai résolu mais je suis toujours infesté.
Quelque fois mon bureau disparait et Avast de mnde toujours à redemarrer le système.
Merci de votre aide
29 réponses
Et voici les rapports. Bonne année à toi ^^Marie^^
ComboFix 07-12-31.4 - claude 2008-01-02 12:23:00.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.213 [GMT 1:00]
Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\claude\Bureau\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_M_HOOK
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 12:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 07:18 . 2008-01-02 07:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 11:18 . 2008-01-01 11:18 <REP> d-------- C:\Program Files\Avira
2008-01-01 10:49 . 2008-01-01 11:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-30 22:51 . 2007-10-12 09:38 38,118,973 --a------ C:\WINDOWS\LPT$VPN.771
2007-12-30 22:49 . 2007-12-30 22:49 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-30 11:55 . 2007-12-30 11:55 <REP> d-------- C:\Program Files\Ashampoo
2007-12-30 10:46 . 2007-12-30 10:46 167 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 11:37 . 2008-01-01 14:11 <REP> d----c--- C:\VundoFix Backups
2007-12-29 10:22 . 2007-12-31 15:00 <REP> d-------- C:\Program Files\Trend Micro
2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
2007-12-27 17:57 . 2007-12-31 07:12 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-27 06:51 . 2007-12-29 22:13 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 11:32 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 07:45 --------- d-----w C:\Program Files\Digidesign
2007-12-01 07:44 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2007-11-27 15:13 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
2007-11-27 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
2007-11-25 17:19 --------- d-----w C:\Program Files\Acoustica Beatcraft
2007-11-25 17:07 --------- d-----w C:\Program Files\Acoustica Shared Effects
2007-11-25 16:19 --------- d-----w C:\Program Files\Sony Setup
2007-11-25 14:35 --------- d-----w C:\Program Files\VstPlugins
2007-11-25 14:34 --------- d-----w C:\Program Files\Image-Line
2007-11-24 22:48 --------- d-----w C:\Program Files\Power Tab Software
2007-11-15 21:14 --------- d-----w C:\Documents and Settings\claude\Application Data\Sibelius Software
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-15 21:09 --------- d-----w C:\Program Files\Sibelius Software
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
2004-01-10 10:29 471,744 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2003-03-18 10:33 2,100,352 ----a-w C:\Program Files\q810847.exe
2003-03-15 13:43 824 ----a-w C:\Program Files\FT1047735746-6099.ins
2003-02-09 07:31 824 ------w C:\Program Files\FT1044775858-4406.ins
2003-01-25 17:17 59,992 ----a-w C:\Program Files\msnaddin.exe
2003-01-03 14:02 134 -c--a-w C:\Program Files\install.txt
2002-12-30 11:43 495,432 -c--a-w C:\Program Files\ie6setup
.
[code]
----a-w 3,251,800 2007-12-31 06:01:57 C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall .exe
----a-w 139,264 2007-12-27 22:18:12 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor .exe
----a-w 204,288 2008-01-02 05:43:12 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 15,360 2007-12-31 06:12:50 C:\WINDOWS\system32\ctfmon .exe
----a-w 45,632 2007-12-29 21:13:06 C:\WINDOWS\system32\taskswitch .exe
[/code]
((((((((((((((((((((((((((((( snapshot@2007-12-31_17.05.56.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-01 10:24:33 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2005-05-16 18:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2006-11-27 01:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"NVIDIA Video drivers"="video_32sD.exe" []
"NAV Scan Service"="NAVscan32.exe" []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 12:36:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-01-02 12:41:43 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 11:41:37
C:\qoobox\ComboFix2.txt 2007-12-31 16:09:07
C:\qoobox\ComboFix3.txt 2007-12-30 09:31:00
C:\qoobox\ComboFix4.txt 2007-12-29 19:34:15
.
2007-12-12 07:03:44 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:43, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\prout\prout.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
ComboFix 07-12-31.4 - claude 2008-01-02 12:23:00.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.213 [GMT 1:00]
Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\claude\Bureau\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_M_HOOK
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 12:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 07:18 . 2008-01-02 07:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 11:18 . 2008-01-01 11:18 <REP> d-------- C:\Program Files\Avira
2008-01-01 10:49 . 2008-01-01 11:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-30 22:51 . 2007-10-12 09:38 38,118,973 --a------ C:\WINDOWS\LPT$VPN.771
2007-12-30 22:49 . 2007-12-30 22:49 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-30 11:55 . 2007-12-30 11:55 <REP> d-------- C:\Program Files\Ashampoo
2007-12-30 10:46 . 2007-12-30 10:46 167 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 11:37 . 2008-01-01 14:11 <REP> d----c--- C:\VundoFix Backups
2007-12-29 10:22 . 2007-12-31 15:00 <REP> d-------- C:\Program Files\Trend Micro
2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
2007-12-27 17:57 . 2007-12-31 07:12 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-27 06:51 . 2007-12-29 22:13 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 11:32 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 07:45 --------- d-----w C:\Program Files\Digidesign
2007-12-01 07:44 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2007-11-27 15:13 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
2007-11-27 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
2007-11-25 17:19 --------- d-----w C:\Program Files\Acoustica Beatcraft
2007-11-25 17:07 --------- d-----w C:\Program Files\Acoustica Shared Effects
2007-11-25 16:19 --------- d-----w C:\Program Files\Sony Setup
2007-11-25 14:35 --------- d-----w C:\Program Files\VstPlugins
2007-11-25 14:34 --------- d-----w C:\Program Files\Image-Line
2007-11-24 22:48 --------- d-----w C:\Program Files\Power Tab Software
2007-11-15 21:14 --------- d-----w C:\Documents and Settings\claude\Application Data\Sibelius Software
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-15 21:09 --------- d-----w C:\Program Files\Sibelius Software
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
2004-01-10 10:29 471,744 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2003-03-18 10:33 2,100,352 ----a-w C:\Program Files\q810847.exe
2003-03-15 13:43 824 ----a-w C:\Program Files\FT1047735746-6099.ins
2003-02-09 07:31 824 ------w C:\Program Files\FT1044775858-4406.ins
2003-01-25 17:17 59,992 ----a-w C:\Program Files\msnaddin.exe
2003-01-03 14:02 134 -c--a-w C:\Program Files\install.txt
2002-12-30 11:43 495,432 -c--a-w C:\Program Files\ie6setup
.
[code]
----a-w 3,251,800 2007-12-31 06:01:57 C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall .exe
----a-w 139,264 2007-12-27 22:18:12 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor .exe
----a-w 204,288 2008-01-02 05:43:12 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 15,360 2007-12-31 06:12:50 C:\WINDOWS\system32\ctfmon .exe
----a-w 45,632 2007-12-29 21:13:06 C:\WINDOWS\system32\taskswitch .exe
[/code]
((((((((((((((((((((((((((((( snapshot@2007-12-31_17.05.56.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-01 10:24:33 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2005-05-16 18:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2006-11-27 01:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"NVIDIA Video drivers"="video_32sD.exe" []
"NAV Scan Service"="NAVscan32.exe" []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 12:36:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-01-02 12:41:43 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 11:41:37
C:\qoobox\ComboFix2.txt 2007-12-31 16:09:07
C:\qoobox\ComboFix3.txt 2007-12-30 09:31:00
C:\qoobox\ComboFix4.txt 2007-12-29 19:34:15
.
2007-12-12 07:03:44 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:43, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\prout\prout.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Re
Supprime tous les logiciels que je t'ai fait installer
pour compléter la suppression
· Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
· Clique sur Recherche et laisse le scan se terminer.
· Clique, sur Suppression pour finaliser.
· Tu peux, si tu le souhaites, te servir des Options facultatives.
· Clique sur Quitter, pour que le rapport puisse se créer.
· Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
Installe un pare feu
pare-feu gratuits
télécharger la version gratuite de Zone alarm
https://www.pcastuces.com/logitheque/zonealarm.htm
TUTO
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm
désactivé les parties filtrage web et antivirus de ZA ! C'est important
ou
télécharger la version gratuite de Kerio (avec Avast => moins de conflits)
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
SITE de Kerio
https://kerio.probb.fr/
Supprime tous les logiciels que je t'ai fait installer
pour compléter la suppression
· Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
· Clique sur Recherche et laisse le scan se terminer.
· Clique, sur Suppression pour finaliser.
· Tu peux, si tu le souhaites, te servir des Options facultatives.
· Clique sur Quitter, pour que le rapport puisse se créer.
· Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
Installe un pare feu
pare-feu gratuits
télécharger la version gratuite de Zone alarm
https://www.pcastuces.com/logitheque/zonealarm.htm
TUTO
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm
désactivé les parties filtrage web et antivirus de ZA ! C'est important
ou
télécharger la version gratuite de Kerio (avec Avast => moins de conflits)
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
SITE de Kerio
https://kerio.probb.fr/
Ok, je vais faire ceci ce soir.
Concernant le pare feu, j'ai configuré ma freebox en mode routeur Nat et cela fait office de pare feu. Quand je vérifie sur le oueb je suis.... invisible. Est -il quand même conseillé d'en installer un autre?
Si oui, je pencherais plus pour kerio cat zonne alarm est tres lourd
Concernant le pare feu, j'ai configuré ma freebox en mode routeur Nat et cela fait office de pare feu. Quand je vérifie sur le oueb je suis.... invisible. Est -il quand même conseillé d'en installer un autre?
Si oui, je pencherais plus pour kerio cat zonne alarm est tres lourd
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
-->- Recherche:
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\claude\Mes documents\blagues animations\Clean.zip: trouvé !
C:\Documents and Settings\claude\Mes documents\Logiciels et utilitaires\Navilog1.exe: trouvé !
C:\Documents and Settings\claude\Recent\HijackThis.lnk: trouvé !
C:\Hiajckthis\HijackThis.exe: trouvé !
C:\qoobox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\claude\Mes documents\blagues animations\Clean.zip: supprimé !
C:\Documents and Settings\claude\Mes documents\Logiciels et utilitaires\Navilog1.exe: supprimé !
C:\Documents and Settings\claude\Recent\HijackThis.lnk: supprimé !
C:\Hiajckthis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\claude\Mes documents\blagues animations\Clean.zip: trouvé !
C:\Documents and Settings\claude\Mes documents\Logiciels et utilitaires\Navilog1.exe: trouvé !
C:\Documents and Settings\claude\Recent\HijackThis.lnk: trouvé !
C:\Hiajckthis\HijackThis.exe: trouvé !
C:\qoobox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\claude\Mes documents\blagues animations\Clean.zip: supprimé !
C:\Documents and Settings\claude\Mes documents\Logiciels et utilitaires\Navilog1.exe: supprimé !
C:\Documents and Settings\claude\Recent\HijackThis.lnk: supprimé !
C:\Hiajckthis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
Re
¤Désactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique.
Puis,
¤Réactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu décoches la case « désactiver la restauration » et applique.
¤Désactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique.
Puis,
¤Réactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu décoches la case « désactiver la restauration » et applique.
